Gmail "Critical security alert" message, hacking attempt blocked (long post)

Hey, guys. Let me apologize in advance for this being a long post, but since this never happened to me before, I just want to make sure I give you all the details to find out how this happened and help secure my account even more.

https://i.imgur.com/minU1zS.png

Recently I've received this message informing me that my account had a sign-in attempt blocked. Of course, this wasn't me since I've gotten this message both on my phone and my Gmail at 05:00 AM while I was sleeping so it leads me to believe that there was some hacking attempt and not some auto-login mistake some website or device I use made.

I live in Europe and the sign-in attempt was from the United States as seen in the picture below:

https://i.imgur.com/ClGJCcl.png

Now I have gone through all the Security Checkup steps from the link provided by Google in the first picture (assuming no-reply@accounts.google.com was from Google and not some phishing attempt), and I have also scanned my computer for any malware using both Microsoft Security Essentials and Malwarebytes Anti-Malware (separately, not at the same time) and nothing was found, so I assume I'm safe.

I never give my passwords of any account to anyone and I'm extremely careful about what sites I use and where I log in with my Gmail account, so I honestly don't know how this happened. Any files I download I either download from a trustworthy source (Java, Microsoft, Google, etc...) or scan immediately with my antivirus programs to make sure it's safe to open.

I only have one suspicion as to what might cause this, and that is the recent Meltdown/Spectre vulnerability.

I have an Intel i5 2500K (2nd-Gen, Sandy Bridge) and a Windows 7 Ultimate x64 with the vulnerability patches/updates disabled. Now I know that I shouldn't have done that and that I'm exposing my PC to the vulnerability; the reason I did that is because those updates cause severe performance issues in video games, which is what I spend the majority of my time doing on my PC.

Last question before closing:

When someone tries to access your account like this, do they actually get blocked and unable to change the password and use the account for any means? I'm asking this because my account is connected to my bank account and PayPal and other contact emails, so I'm wondering if those accounts as well are in jeopardy.

I've also removed any account access from unnecessary apps and websites in Manage Apps.

This will be all, I hope someone will be able to help me figure this out. Once again I apologize for the long post.

Thanks in advance.
Mark Walter Asked:
 
☠ MASQ ☠ Commented:
You've changed your password - have you also got two-stage authentication enabled? An added layer of security where Google will text you a challenge code when you try to sign in from a new device.

Any chance you are using the same password elsewhere?

Check your email against https://haveibeenpwned.com/

How much control someone with your password has over your accounts depends on your settings. Make sure you have recovery details that only you know so you can go back to the site and ask them to verify your identity using those (but if they are displayed in your profile any intruder can also see these).

I'd be more concerned that the location graph from "Google" shows a US map and a Japanese IP address. I don't think that's a mistake they would make ... Also, Firefox v 15.0 was withdrawn in 2012, so this is either someone with a very old computer that never gets updated or a very old graphic being used to scare you into action.

Did you respond to any links in the "Google" email?

Thanks for posting your email address publicly though ;)
0
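One way to settle the question raised above, whether the alert really came from no-reply@accounts.google.com, is to read the Authentication-Results header that the receiving mail server stamps on the message (Gmail exposes the raw message under "Show original"). The following is an added example, not part of the thread: the sample messages are constructed, and the trusted server name `mx.google.com` assumes a Gmail-hosted mailbox.

```python
import re
from email import message_from_string
from email.utils import parseaddr

TRUSTED_AUTHSERV = "mx.google.com"     # assumption: the mailbox is hosted on Gmail
EXPECTED_FROM = "accounts.google.com"  # sender domain quoted in the question

def parse_auth_results(value):
    """Return (authserv-id, [(method, result, props), ...]) for one header value."""
    value = re.sub(r"\([^)]*\)", "", value)            # drop parenthesised comments
    parts = [p.strip() for p in value.split(";")]
    results = []
    for part in parts[1:]:
        m = re.match(r"(\w+)=(\w+)(.*)", part, re.S)
        if m:
            props = dict(re.findall(r"([\w.]+)=(\S+)", m.group(3)))
            results.append((m.group(1).lower(), m.group(2).lower(), props))
    return parts[0].lower(), results

def check_alert(raw):
    """Classify a raw message as 'authenticated', 'suspicious: ...' or 'unverified: ...'."""
    msg = message_from_string(raw)
    from_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    headers = msg.get_all("Authentication-Results") or []
    if not headers:
        return "unverified: no Authentication-Results header"
    # Trust only the topmost header: the receiving server prepends its own,
    # while any copies further down may have been supplied by the sender.
    authserv, results = parse_auth_results(headers[0])
    if authserv != TRUSTED_AUTHSERV:
        return "unverified: top header not written by " + TRUSTED_AUTHSERV
    if from_domain != EXPECTED_FROM:
        return "suspicious: From domain is " + from_domain
    for method, result, props in results:
        if method == "dmarc" and result == "pass" \
                and props.get("header.from", "").lower() == from_domain:
            return "authenticated"
    return "suspicious: DMARC did not pass for " + from_domain

# Constructed sample messages (not real mail).
GENUINE = """Authentication-Results: mx.google.com;
 dkim=pass header.i=@accounts.google.com header.s=sel1;
 dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=accounts.google.com
From: Google <no-reply@accounts.google.com>
Subject: Critical security alert
"""
# Same message failing authentication, with a forged "pass" header placed lower down.
SPOOFED = GENUINE.replace("=pass", "=fail").replace(
    "From:", "Authentication-Results: mx.google.com; dmarc=pass header.from=accounts.google.com\nFrom:")
```

A "suspicious" or "unverified" result means the links in the message should not be followed; the same security checkup can be reached by typing the Google account address into the browser directly.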
 
Mark Walter (Author) Commented:
Hey, MASQ.

Thanks for the reply, anyway yeah, I forgot to mention that I activated 2-FA after changing the password for an extra layer of security.

No, I'm not using the same password anywhere, to make sure something like this doesn't happen (and unfortunately it did).

Checking email at haveibeenpwned does not reveal any issues or breaches.

The only recovery details that are stored in my mail are additional email accounts used for recovery in case I forget my password, or in cases like these, so I'm not sure how much other accounts are in danger but I changed the password on them too nonetheless.

Right now, I don't think that's anything serious but the person could be using a VPN to mask his IP and location.

By respond, do you mean did I reply to the email or did I click that blue button? I didn't do the former, but I did the latter, as the email looked genuine: on whatever Google website I went to (news.google, docs.google etc...) I had a red bar warning me of this attempted sign-in.
0
 
Shaun Vermaak (Technical Specialist/Developer) Commented:
My guess would be that you do not use unique passwords for each of your online services and one of these services got their credentials leaked somehow.

Always use unique passwords for every site.

Using LastPass etc. makes this easy:
http://lastpass.com
0
 
btan (Exec Consultant) Commented:
The IP 45.77.133.33 has a PTR record pointing to vultr.com, which is a cloud hosting infrastructure. Likely the source came from it, and as such traces back to the actual perpetrator will not be available. It is good that the sign-in was blocked. Other possible attempts are through a peripheral (USB and mobile phone connected to your notebook) or through some phishing email attachment or link. It can also be the case that another social website or service that you have an account with has leaked your info - good that you have different passwords. Here is another, similar to haveibeenpwned, that checks for hacked email addresses

Nonetheless, we cannot stop login attempts, so 2FA and use of a strong passphrase are important to deter the attempts. Good that you have initiated the change of password, so at least that is some saving grace.

But disabling Windows updates is strongly discouraged. You will be missing out on other serious security patches (i.e. Critical rating bulletins). https://technet.microsoft.com/en-us/security/bulletins
Exploits target these low-hanging fruits. A sophisticated attack can be stealthy once it has managed to get onto your machine. It gets easier if you are using an Administrator account for doing work and personal leisure, including surfing the internet. Use another user (or less privileged) account. Look into enabling AppLocker, assuming you have it on your machine - the idea is to allow only trusted applications to run. Maintain a backup separately off the machine, as you will be more prepared for recovery in the event of infection by nasty malware like ransomware.
0
 
btan (Exec Consultant) Commented:
For author advice
0
 
btan (Exec Consultant) Commented:
No further inputs received.
0